Computer Crime Research Center

library/725.jpg

Digital Legislation

Date: October 15, 2003
Source: Computer Crime Research Center
By: Alexander Baranov

Page 1 2 3 4 Next
... using it. Practically every day we make sure of such threats reality. For ill intention or curiosity, hackers check the reliability of computer network and system protection with enviable constancy.


It should be paid attention to that the desire of bill authors to create a harmonious, methodologically justified system of certification gets smashed against the reefs of reality. As an equivalent of the autograph Article 4 of the bill recognizes the electronic signature that conforms to two main requirements: 1) digital electronic signatures should be made and checked by reliable means of digital signature; 2) digital electronic signature should be checked with the help of intensified certificate of a key.


What should the lawmaker specify as reliable means of e-signature? It turns out that the bill authors offer a “remarkable” mixture. If there is a certificate of conformance (to what?) or a positive expert conclusion (about what?) of the authorized body, or it approved the operation of this means (on the ground of what?), it is a reliable means of the digital signature. The authors of Article 2 seem to have little knowledge of opportunities for cryptographic protection of information in Ukraine and so, just in case, they gave these three variants practically eliminating each other. The bill has many such inexact legislative norms that result in washing away the heart of its text content.


However, let us return to the analysis of the bill methodological principles. The hardly regulated state obligatory system of the digital e-signature certification unambiguously outlines borders of its use – within Ukraine. It means that along with potentialities of providing high security and reliability for the use of e-signatures such an approach crosses all the hopes of an international cooperation in this field. We should clearly realize that we deny the participation in the international e-trade when putting into practice the offered model. The home business-structures will surely take part in it but under others’ rules and laws. In this case, the state refuses an appropriate legal protection to them. Is it right?


In addition, the bill does not comply with the EU directive by some items. It should be noted that in this case the reference to the EU directive does not demonstrate the adherence to a “foreign policy vector”. The document only includes the experience of many years and results of various experts’ work.


First, the broad and open notion of an e-signature used in the directive is brought to a digital e-signature in the bill thereby illegally excluding other ways of current or future e-identification. Secondly, the demand for obligatory accreditation of key certifying centers conflicts with the spirit of the EU directive and Ukraine’s legislation. Thirdly, Article 5 of the directive unambiguously determines that the e-signature does not lose its importance when it is used without certification attributes. Article 6 of Ukraine’s bill gives the right to use the digital e-signature with no certificate of a key but such application has an insignificant legal force in Article 4. In other words, no legally significant signatures should exist beyond the certification system! The authors’ attempt to combine regulations of the EU directive and Germany’s legislation led to the lack of logic in Ukraine’s bill.


However, the situation has a way out. It consists in reviewing all the bill standards and eliminating all the deviations from Germany’s approach. Then it is required to introduce a new draft “On electronic signature” that should be completely harmonized with the directive. The amended bill “On electronic digital signature” should become its separate chapter, which norms as obligatory will regulate relations connected with the use of e-signature in the state and bank spheres. Then in the process of documentary relationships business-structures and physical persons will have the right to freely choose any system of e-signature realization in mutual agreement including state i.e. digital e-signature at the definite level of confidence.



The electronic government means that with internal and external connections and processes to be supported and provided with appropriate information computer technologies. The term “government” is defined as authoritative structures ranged from the Cabinet of ministers and ministries to regional state administrations. Ukraine has recently discusses this idea in an active way and taken first steps of its realization.


The e-government is not a mechanic combination of information technologies and government but a new philosophy of the state administration. Therefore, a new legislative base should be elaborated to make a reality of this idea. First, it should attach a legal status to electronic documents and signature. Then it is necessary to adapt a normative base that regulates an office work in the state establishments to features of using computer technologies. The electronic information resources that will be located in the computer networks by state bodies for interdepartmental and public use should have a legal status as well.


The legal regulation of providing the population and business with online services contains some main problems. The legislation should clearly establish general conditions of providing such services and features of their separate types; regulate an order of putting in applications and standardize forms of documents to be used. Special attention should be paid to the problem of legislative guarantees for providing such services. The idea of e-government is doomed to failure without solving legal issues.



The use of computer information technologies to provide the population and business with services results in accumulating various data on persons. Disclosing such information in an unauthorized way can often inflict the damage. The first national legislative acts regulating the protection of personal data (information on a person) appeared in 80s last century. Then the international legal documents establishing principles and order of protecting personal data were elaborated. In 1996 the author of this article touched upon this subject on pages of Ukraine’s “ZN”. Then a group of authors prepared the complex of legislative acts including the draft “On protection of personal data”. The bill was thoroughly examined by dozens of departments, presented in two monographs and officially submitted to Ukraine’s Cabinet of ministers late 2000.


However, by virtue of strange reasons, the further movement of the bill has come to a standstill in spite of that some other legislative acts including that “On single register of physical persons” for Ministry of Justice were based on it. Moreover, it had to become a legislative umbrella for operation of many national computer systems; in particular, a single state automated passport system with huge amount of personal information. The demand to protect personal data in computer systems of taxation and militia authorities, medical and educational institutes, as well as business structures has a dual destination. However, on the other hand, it is a functional protection from hacking attacks against computer systems of these structures.


The last Parliament elaborated its own variant of the bill based on the material of corresponding European convention and directive. It should be noted that it features some methodological mistakes and lack of logic. For example, the bill defines “sensitive data” as personal information that results in high danger for data subjects when processed. Nevertheless, the data processing itself bears no risk. Only spreading or using personal data in an unauthorized way can inflict the damage. All these defects can be eliminated. However, the bill has not passed even the first reading. Therefore, Ukrainian people remain unprotected from obtaining, spreading and using personal information in an unauthorized way or for illegal purposes.



Every day Internet-issues increase, radio stations appear in the computer network and mass shows are directly broadcasted as on air. Soon the single portal and single transport, telecommunication technologies will provide users with an access to printing, TV and radio information sources. Since the various information traffics will be integrated on the user’s level, the convergence of information sources that will operate in the single integrated technological environment seems to be quite logical and obvious. The integration of radio, TV and Internet-technologies will allow meeting high information demands of users. This convergence will result in developing new mass communications that will give an opportunity to watch (read) TV block of news, any film from the studio film collection, carry on a dialogue with a favorite political correspondent, find and read any newspaper and journal at any moment without leaving a working place.


New technologies lead to new social relations. When new social relations appear, they need to be legally regulated. Consequently, early or late the legislation regulating the activity of mass communications, features of producing, spreading and using information products under new technological conditions should be introduced. However, there are some problems to be legally regulated today.


Some TV news programs have their Internet-versions. There emerge a question of their legal status. On the one hand, the traditional activity of TV-radio organization is reflected by other...
Page 1 2 3 4 Next
Add comment  Email to a Friend

Copyright © 2001-2024 Computer Crime Research Center
CCRC logo